I have two web servers, one for an intranet and the other for a website. The system specs of the two are almost the same, which is as follows:
CentOS 6.5
LAMP (Apache/2.2.15) + WordPress, which were installed with yum command
I am trying to renew their wildcard SSL certificate with a new one, which I recently got from GoDaddy. The zip file sent from GoDaddy includes the followings:
c************.crt
gd_bundle-g2-g1.crt
gd_intermediate.crt
The two servers share the same private key (test.key), which I am going to use for the new certificate too. So the 2 steps below is all I did on both servers.
(Step 1)
Copy the three files above to /etc/pki/tls/certs directory and edit the /etc/httpd/conf/httpd.conf so the keys "SSLCertificateFile" and "SSLCertificateChainFile" point to the new respective file. The file looks like below after editting.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/c************.crt
SSLCertificateKeyFile /etc/pki/tls/private/test.key
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
AllowOverride All
DocumentRoot /var/www/html
ServerName *****.*********.com
(Step 2)
Restart the server
After the steps, I accessed both servers with google chrome and checked to see if the expiration date had changed. The expiration date on the intranet has changed like I had expected.
(before)
Valid from 6/17/2014 to 6/17/2015
(after)
Valid from 5/18/2014 to 6/17/2016
But the date on the website is still the same. Is there any other way to check if the certificate is successfully renewed? Or is there anything wrong about the steps I followed? I did not get any errors when I went through the steps and I am thinking that there might be some more steps I need to do to get a wildcard certificate to work.
Answer
1) Remember - Apache uses either httpd.conf
or ssl.conf
depending on how Apache was configured - since ssl.conf
is preferred make sure the "failing" server is NOT using ssl.conf
instead.
2) Have you tried copying the httpd.conf
file from the working server to the "failing" server. If everything else is the same, that should make SSL work, if it doesn't everything is NOT the same on the two servers - double check
No comments:
Post a Comment